At 12:45 PM -0700 9/23/03, Anne & Lynn Wheeler wrote:
>At 01:06 PM 9/23/2003 -0400, R. A. Hettinga wrote:
>><http://www.guardian.co.uk/print/0,3858,4759214-103676,00.html>
>
>so ignore for the moment the little indiscretion
>http://www.garlic.com/~lynn/2003l.html#44 Proposal for a new PKI model (At
>least I hope it's new)
>http://www.garlic.com/~lynn/2003l.html#50 Proposal for a new PKI model (At
>least I hope it's new)
>
>and the part of turning a simple authentication problem into a
>significantly harder and error prone (along with exploits and
>vulnerabilities ... not to say expensive) problem:
>http://www.garlic.com/~lynn/aadsm15.htm#4 Is cryptography where security
>took the wrong branch?
>http://www.garlic.com/~lynn/aadsm15.htm#7 Is cryptography where security
>took the wrong branch?
>http://www.garlic.com/~lynn/aadsm15.htm#11 Resolving an identifier into a
>meaning
>
>
>there have been some past discussions of what happens to long term CA
>private key management over an extended period of time, possibly involving
>several corporate identities. Checking latest release browsers ... I find
>two CA certificates for GTE cybertrust ... one issued in 1996 and good for
>10 years and another issued in 1998 and good for 20 years.
>
>so let's say as part of some audit ... is it still possible to show that
>there has been long term, continuous, non-stop, highest security custodial
>care of the GTE cybertrust CA private keys. If there hasn't ... would
>anybody even know? ... and is there any institutional memory as to who
>might be responsible for issuing a revocation for the keys? or responsible
>for notifying anybody that the certificates no longer need be included in
>future browsers?
>--
>Anne & Lynn Wheeler http://www.garlic.com/~lynn/
>Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

Note that proposals such as Tyler Close's YURL
<http://www.waterken.com/dev/YURL/> avoid the issue of trust in the TTP/CA.
As such, I find them attractive whenever they can be used.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | "There's nothing so clear as   | Periwinkle
(408)356-8506      | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble     | Los Gatos, CA 95032